SULDR Forums Supported Printers Printing Questions Scanning Questions General Questions Samsung Installer

How do I configure my UFW firewall for the SCX-3400W?

Started by detly, April 07, 2013, 06:51:05

Previous topic - Next topic

detly

I have a Samsung SCX-3400W that is connected to my wireless router and available over the network. It works too — if I run the configurator tool on my Ubuntu 12.10 machine, it's detected and I can scan things in from it.

But I can only do this with the firewall off (UFW, managed with GUFW). If I turn it on, it's not detected.

Here's the output of netdiscovery with the firewall off:

# /opt/Samsung/mfp/bin/netdiscovery -s --snmp
# Mode snmp
# Network printers discovery utility
# Legend: ip: address slp: detected,ipp,lpr,raw_tcp snmp: detected,devtype,description
ip: 192.168.1.106   slp: 0,0,0,0 snmp: 1,1,0 vendor: Samsung dsc: "SCX-3400 Series"
# Total 1 printers found, 2s elapsed

And with it on:

# /opt/Samsung/mfp/bin/netdiscovery -s --snmp
# Mode snmp
# Network printers discovery utility
# Legend: ip: address slp: detected,ipp,lpr,raw_tcp snmp: detected,devtype,description
# Total 0 printers found, 4s elapsed

(It's not just netdiscovery, the configurator won't find it if the firewall is on either.)

I've tried opening these ports for both TCP and UDP: 161, 162, 10161, 10162, 5353, 9100. No difference. So do I have to disable the firewall every time, or is there some combination of ports I can open for scanning on the SCX-3400W?

bchemnet

You need to allow all incoming UDP packets on all ports (or at least > 1024) from the printer.  The netdiscovery tool uses UDP on a variable port.  The iptables rule is something like this:
iptables -A INPUT -p udp -s PRINTER -j ACCEPT

Where PRINTER is the network name or IP address of the printer.  (If the printer is on a static IP, that is more reliable because network names do not always resolve when the firewall first loads upon boot.  If it isn't static and the name isn't resolving correctly,  you can use a range of IP addresses, such as 192.168.1.0/24, to ensure that whatever dynamic IP address it has is in the allowed range.)

I have never used UFW or GUFW, and from the available documentation it is not obvious to me how one could set up this rule using that interface.  Because GUFW is 2 steps removed from the actual firewall (iptables -> ufw -> gufw), you may give up a lot of flexibility using it.

marcelinomd

I have a CLX-3185FN and after some probes with tcpdump, I can confirm that we need to open only port 22161/UDP

Repository Information Legal Contact Alternative Drivers